The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Change secdatadir

Discussion in 'Security' started by k2tec, Dec 21, 2015.

  1. k2tec

    k2tec Well-Known Member

    Joined:
    Aug 26, 2011
    Messages:
    81
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    I tried to change the dir of secdatadir from /var/cpanel/secdatadir
    to
    /var/log/secdatadir
    because of the error in ModSecurity

    Code:
    ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
    ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/global
    
    I create the dir
    mkdir /var/log/secdatadir
    chown -R nobody:nobody /var/log/secdatadir
    copied the files ip.pag,ip.dir, global.dir, global.pag to /var/log/secdatadir
    chmod o-rx -R /var/log/secdatadir
    chmod ug+rwx -R /var/log/secdatadir

    Made the change in my /usr/local/apache/conf/modsec2.user.conf
    SecDataDir "/var/log/secdatadir"

    I use WHM 11.52.1 (build 3)
    • Apache 2.4
    • PHP 5.4
    • MPM Prefork
    • Mod Ruid2

    I've read a lot on this forum, but have not found the answer
     
    #1 k2tec, Dec 21, 2015
    Last edited by a moderator: Dec 21, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,694
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    That's not a viable workaround to the problem you are reporting. This issue is caused by a combination of Apache Mod Ruid2 with Mod Security rules that use file-backed collections. This happens because Mod Ruid2 causes Mod Security to access /var/cpanel/secdatadir as the account which owns that domain, instead of as the "nobody" user. There's a thread on this at:

    Mod RUID 2 and ModSecurity

    Thank you.
     
    quizknows likes this.
  3. k2tec

    k2tec Well-Known Member

    Joined:
    Aug 26, 2011
    Messages:
    81
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Thanks Michael, I will give it try tomorrow.
    This is the thread that I missed.
    there has been written a lot about this issue
     
Loading...

Share This Page